Hosting more than one web site, Understanding webdav – Apple Mac OS X Server (Administrator’s Guide) User Manual

Web Service

339

Hosting More Than One Web Site

You can host more than one Web site simultaneously on your Web server. Depending on how
you configure your sites, they may share the same domain name, IP address, or port. The
unique combination of domain name, IP address, and port identifies each separate site. Your
domain names must be registered with the domain name authority (InterNIC). Otherwise,
the Web site associated with the domain won’t be visible on the Internet. (There is a fee for
each additional name you register.)

If you configure Web sites using multiple domain names and one IP address, older browsers
that do not support HTTP 1.1 or later (that don’t include the “Host” request header), will not
be able to access your sites. This is an issue only with software released prior to 1997 and
does not affect modern browsers. If you think your users will be using very old browser
software, you’ll need to configure your sites with one domain name per IP address.

Understanding WebDAV

If you use WebDAV to provide live authoring on your Web site, you should create realms and
set access privileges for users. Each site you host can be divided into a number of realms,
each with its own set of users and groups that have either browsing or authoring privileges. If
your Web site is on an intranet, you may not want to create realms.

Defining Realms

When you define a realm, which is typically a folder (or directory), the access privileges you
set for the realm apply to all the contents of that directory. If a new realm is defined for one
of the folders within the existing realm, only the new realm privileges apply to that folder and
its contents. For information about creating realms and setting access privileges, see “Setting
Access for WebDAV-Enabled Sites” on page 354.

Setting WebDAV Privileges

The Apache process running on the server needs to have access to the Web site’s files and
folders. To do this, Mac OS X Server installs a user named “www” and a group named “www”
in the server’s Users & Groups List. The Apache processes that serve Web pages run as the
www user and as members of the www group. You need to give the www group read access
to files within Web sites so that the server can transfer the files to browsers when users
connect to the sites. If you’re using WebDAV, the www user and www group both need write
access to the files and folders in the Web sites. In addition, the www user and group need
write access to the /var/run/davlocks directory.

Understanding WebDAV Security

WebDAV lets users update files in a Web site while the site is running. When WebDAV is
enabled, the Web server must have write access to the files and folders within the site users
are updating. This has significant security implications when other services are running on
the server, because individuals responsible for one site may be able to modify other sites.